How can I modify the rc.conf to enable secure_level of FreeBSD?

Started by bsdfans, January 16, 2024, 04:44:11 AM

I want to modify the rc.conf to enable secure_level of FreeBSD, but I found that it will be restored after reboot.
How can I make it?
Thanks.

Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.

kern_securelevel_enable="YES"    # kernel security level (see security(7))       
kern_securelevel="x"   # range: -1..3 ; `-1' is the most insecure

Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).


Good luck,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
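
Added example, not part of the thread and not OPNsense or FreeBSD code: a shell check that reads the two variables from the post above out of an rc.conf-style file and reports which securelevel the file requests. The function names are hypothetical; the accepted "YES" spellings follow rc.subr's checkyesno, and `sysctl -n kern.securelevel` reads the running level on FreeBSD.

```shell
#!/bin/sh
# Added example: verify what an rc.conf file asks for before rebooting.

# Print the last value assigned to VAR ($1) in FILE ($2), quotes and
# trailing comments stripped. The file is parsed as text and never
# sourced, so nothing inside it is executed by this check.
rc_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Print the securelevel FILE requests: -1..3, or disabled / invalid / missing.
requested_securelevel() {
    [ -r "$1" ] || { echo "missing"; return 0; }
    # Without an enabling value the level line has no effect.
    case $(rc_value kern_securelevel_enable "$1") in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo "disabled"; return 0 ;;
    esac
    level=$(rc_value kern_securelevel "$1")
    # Range from the rc.conf comment quoted in the post: -1..3.
    case $level in
        -1|0|1|2|3) echo "$level" ;;
        *) echo "invalid" ;;   # e.g. the literal placeholder "x"
    esac
}

# Compare the file with the running kernel; prints "running=unknown"
# on systems without the kern.securelevel sysctl.
securelevel_status() {
    want=$(requested_securelevel "$1")
    have=$(sysctl -n kern.securelevel 2>/dev/null) || have="unknown"
    echo "requested=$want running=$have"
}
```

Running `securelevel_status /etc/rc.conf` after a reboot shows whether the file survived and whether the kernel picked the level up.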

Quote from: franco on January 16, 2024, 05:13:40 PM
Besides the point that I don't know if securelevel adjustment works without messing with operation of OPNsense as a whole I don't see any reason why something would be reset if you set it correctly.

kern_securelevel_enable="YES"    # kernel security level (see security(7))       
kern_securelevel="x"   # range: -1..3 ; `-1' is the most insecure

Where x is the correct level and the file to put this into is /etc/rc.conf (which we don't even touch which is why it's not there and you need to create it).


Good luck,
Franco

The /etc/hosts was also restored after reboot.

Just for emphasis I'd like to point out that /etc/hosts is not /etc/rc.conf and does not really overlap with securelevel as far as I could see. So you may be looking at least at one configuration issue.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT